On Saturday 23 February 2002 06:12 pm, Pedro Hugo wrote:
> There are rumours about an exploit for apache 1.3.22 at least...
> Don't have yet details on it...
> Anyone else heard about it ?

Disclaimer: I have no exploits, dont ask for any. If you really want
details, do a source diff on php 4.0.6 and 4.1.x for rfc1687.c.

There is a bug in the php_split_mime function in PHP 3.x and 4.x. There is a
working exploit floating around which provides a remote bindshell for PHP
versions 4.0.1 to 4.0.6 with a handful of default offsets for different
platforms. Since the PHP developers commited another change to the affected
source file (rfc1687.c) about two days ago, speculation is that there is yet
another remote exploit. There are tools floating around whch demonstrate
numerous SEGV's in the PHP module, not only in the mime decoder...

Exploits have been floating around for at least 2 months, you would think
someone would step up and shed some light on this to the general public by
now. The sad thing is that certain folks in the "security industry" have
known about this for almost as long as there have been exploits, yet nothing
was ever made public.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]